PayPal recently confirmed a serious data breach tied to its Working Capital loan system, exposing sensitive user data for over five months. A coding error allowed unauthorized access, sparking concerns for affected users worldwide.
Breach Origins and Timeline
The incident began on July 1, 2025, when faulty code in PayPal’s loan application process enabled attackers to access systems undetected until December 12, 2025. PayPal reversed the code, revoked access, and started notifying impacted users by early February 2026. This six-month gap highlights delays in internal monitoring.
Compromised Information
Attackers obtained names, email addresses, phone numbers, business addresses, dates of birth, and Social Security numbers from a limited set of users, primarily Working Capital applicants. No core payment systems or full financial details were breached, but this data fuels phishing and identity theft risks.
User Impact and PayPal’s Fixes
Around 100 customers faced unauthorized transactions, with funds stolen in isolated cases—PayPal refunded all and reset passwords proactively.Core accounts stayed secure, but experts urge vigilance against targeted scams using the leaked info.
Protective Steps for Users
Monitor accounts for odd activity and enable two-factor authentication immediately. Freeze credit reports via agencies like Equifax and use unique, strong passwords—consider a manager like LastPass. Report suspicions to PayPal’s security center. This breach underscores why businesses must prioritize code reviews and real-time detection.
